Thursday, June 5, 2014

Gimbal Bluetooth iBeacon Advertising

Gimbal iBeacons

Below are some packet captures from the Gimbal Proxmity Beacon Series 10. These are advertisements from two devices.

First 5 seconds

For the first five seconds the devices appear to broadcast their Bluetooth addresses. Notice the AdvA for each of the following two captures:

Device 1 (a4:d8:56:01:75:ce)

 size 16  
 systime=1401996656 freq=2402 addr=8e89bed6 delta_t=22295.843 ms  
 00 1b ce 75 01 56 d8 a4 02 01 06 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 00 4f 0c 96 24 40 b3   
 Advertising / AA 8e89bed6 / 27 bytes  
   Channel Index: 37  
   Type: ADV_IND  
   AdvA: a4:d8:56:01:75:ce (public)  
   AdvData: 02 01 06 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 00 4f 0c 96  
     Type 01 (Flags)  
       00000110  
     Type 07 (128-bit Service UUIDs)  
       960c4f00-244c-11e2-b299-00a0c60077ad  
   
   Data: ce 75 01 56 d8 a4 02 01 06 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 00 4f 0c 96  
   CRC:  24 40 b3

Device 2 (a4:d8:56:01:a5:cc)

 size 16  
 systime=1401997031 freq=2402 addr=8e89bed6 delta_t=100.627 ms  
 00 1b cc a5 01 56 d8 a4 02 01 06 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 00 4f 0c 96 3b 3e 4b   
 Advertising / AA 8e89bed6 / 27 bytes  
   Channel Index: 37  
   Type: ADV_IND  
   AdvA: a4:d8:56:01:a5:cc (public)  
   AdvData: 02 01 06 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 00 4f 0c 96  
     Type 01 (Flags)  
       00000110  
     Type 07 (128-bit Service UUIDs)  
       960c4f00-244c-11e2-b299-00a0c60077ad  
   
   Data: cc a5 01 56 d8 a4 02 01 06 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 00 4f 0c 96  
   CRC:  3b 3e 4b


The BlueScan Android app shows these as:

  • Vendor: Qualcomm Labs Inc.
  • Desc: FyxBoot

Then after 5 seconds...

Each device starts the following broadcasts.

Device 1 (a4:d8:56:01:75:ce)

 systime=1401999056 freq=2402 addr=8e89bed6 delta_t=417.941 ms  
 42 25 48 36 14 0f c5 10 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 93 4a 0c 96 0c ff 8c 00 4e 12 7d 0c 5c 42 59 c1 a2 3a 5f 15   
 Advertising / AA 8e89bed6 / 37 bytes  
   Channel Index: 37  
   Type: ADV_NONCONN_IND  
   Data: 48 36 14 0f c5 10 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 93 4a 0c 96 0c ff 8c 00 4e 12 7d 0c 5c 42 59 c1 a2  
   CRC:  3a 5f 15


Device 2 (a4:d8:56:01:a5:cc)

 systime=1401999005 freq=2402 addr=8e89bed6 delta_t=650.694 ms  
 42 25 d5 1c c9 d5 5c 39 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 97 4b 0c 96 0c ff 8c 00 d1 82 94 2c 57 52 4a 6f bc 5a 62 06   
 Advertising / AA 8e89bed6 / 37 bytes  
   Channel Index: 37  
   Type: ADV_NONCONN_IND  
   Data: d5 1c c9 d5 5c 39 11 07 ad 77 00 c6 a0 00 99 b2 e2 11 4c 24 97 4b 0c 96 0c ff 8c 00 d1 82 94 2c 57 52 4a 6f bc  
   CRC:  5a 62 06


The ADV_NONCONN_IND advertisement is an undirected broadcast that is not connectable, nor is it scanable (i.e. it won't respond to a SCAN_REQ in response to an advertisement).
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)